Identity and verifying who you're talking to from Harald Alvestrand on 2011-11-09 (public-webrtc@w3.org from November 2011)

From: Harald Alvestrand <harald@alvestrand.no>
Date: Wed, 09 Nov 2011 17:55:26 +0100
To: "public-webrtc@w3.org" <public-webrtc@w3.org>
Message-ID: <4EBAB07E.6020702@alvestrand.no>

In the minutes from TPAC, there was a long section on identity: If you 
want to verify who you're talking to, what namespace are you actually 
verifying the identity against, and how is that mapped onto observable 
fields in protocols, and from there to stuff that's visible on the API?

A lot of the discussion is here:

http://www.w3.org/2011/11/01-webrtc-minutes.html#item06

I'd very much welcome if someone could pick up this action and present 
some actionable proposals for it:

- How do we verify identity without tying ourselves to one specific 
identity framework?
- What functions in our channel setup mechanism (DTLS-SRTP hashes???) do 
we use for communicating info that lets us verify the identity?
- What are the requirements for the UI that result from such a 
verification mechanism?

Volunteers?

             Harald, for the chairs

Received on Wednesday, 9 November 2011 16:56:04 UTC